CBA FBA wilt LDAP problem when using connection between SUN LDAP 5.2

If you have a problem with between SPS2010 and CBA FBA with LDAP problem when using connection with SUN LDAP 5.2 (our  build 2007.093.1546)
You may getting fallowing error.
System.Runtime.InteropServices.COMException (0x80005000): Unknown error (0x80005000)     at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)     at System.DirectoryServices.DirectoryEntry.Bind()     at System.DirectoryServices.DirectoryEntry.get_AdsObject()     at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)     at System.DirectoryServices.DirectorySearcher.FindOne()     at Microsoft.Office.Server.Security.LDAP.FindOneObject(DirectoryEntry searchRoot, String filter, SearchScope scope, String[] propertiesToLoad, ResultPropertyCollection& entryProperties)     at Microsoft.Office.Server.Security.LdapMembershipProvider.GetUserAttributeBySearchProperty(String searchValue, String searchProperty, String returnAttribute)
04/10/2012 17:52:51.57  w3wp.exe (0x2420)                        0x3F18 SharePoint Foundation          Claims Authentication          0000 Unexpected Password check on ‘<USER>‘generated exception: ‘System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password could not be validated. (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).’.
04/10/2012 17:52:51.61  w3wp.exe (0x2420)                        0x3F18 SharePoint Foundation          Claims Authentication          fo1t Monitorable SPSecurityTokenService.Issue() failed: System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password could not be validated. (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).

For fixing the issue you may change your web.config files below and watch out for highlighted attributes and correct them according your envoriment.

1. In the web.config of the different part CA, Web App and STS you have:

<membership>       <providers>
<add name=”LdapConnection” type=”Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c”
server=”Your Server IP” port=”389″ useSSL=”false”
useDNAttribute=”false”
userNameAttribute=”uid”
userContainer=”ou=MyCustomOu,o=contoso,dc=contoso,dc=ldap
userObjectClass=”Inetorgperson”
userFilter=”(ObjectClass=Inetorgperson)”
scope=”Subtree”
otherRequiredUserAttributes=”sn,givenname,cn”
connectionUsername=”uid=postman22,ou=MyCustomOu,o=contoso,dc=contoso,dc=ldap
connectionPassword=”blog.bugrapostaci.com” />
</providers>     </membership>

3. After those changes you have been able to logon in the site collection using FBA.

For SUN LDAP 5.2
useDNAttribute should set to false and userNameAttribute must be uid
connectionUsername
attribute defines that which user account be used in binding . ( Thats not  prevents to other users logins.They can login sharepoint with their passwords)
important issue here defining the connectionUsername attribute like “uid:postman22” is not enough you may need to add full path like “uid=postman22,ou=MyCustomOu,o=contoso,dc=contoso,dc=ldap

 

c# LDAP can not Reset Password [SOLVED]

Hi Everyone ,

When i am working with LDAP noticed that the resetting password is very problematic . Finally i have found a solution.First of all you should configure your  activedirectory server with ssl authentication i’m not sure it isnecessary
but too many blogs and forums say to do that. Well ,to do so 🙂

And use this code to reset password in your client application

public static void ResetPassword(string dn,string userCN,string newpassword, string admin,string adminpass)
{
    //Create an active directory context
    DirectoryContext objContext = new DirectoryContext(DirectoryContextType.Domain,
        dn,
        admin,//you need admin privs.
        adminpass);
    Domain objDomain = Domain.GetDomain(objContext);
    DirectoryEntry de = objDomain.GetDirectoryEntry();
    //geting user password
    DirectoryEntry passUser = de.Children.Find("OU=PORTAL").Children.Find("CN=" + userCN);
    using (passUser)
    {
        //this is the common error line if you do not set correct configuration
        passUser.Invoke("SetPassword", new object[] { newpassword });
        passUser.CommitChanges();//don't forget to commint
    }
}

Usage is simple:

ResetPassword(“testdomain.umbrellacorp.local”, “MyTestUser”, “secret”, “testdomain\\admin”, “adminsecret”);

Someone who encounter with “Invoke SetPassword” error that possible forget to use DirectoryContext class.
DirectoryContext is the key point .This class can access server with appropriate connection settings.You dont need to
set any client configuration for example port,protocol etc.

For more information with DirectoryContext
http://msdn.microsoft.com/en-us/library/system.directoryservices.activedirectory.directorycontext.aspx

Happy codding …

c# LDAP Delete Active Directory user

Usage:
UserDn : ldap path of the user account which is gonna delete.
admin : Priviledged user to delete mean admin account
adminpass : you know what is this 🙂

Example:

DeleteUser(“LDAP://umbrella.com,CN=UserToDelete,OU=PORTAL,DC=TestDomain,DC=Service,DC=Local”,”TestDomain\\Admin”,”secret”);

public static void DeleteUser(string userDn, string admin, string adminpass)
{
    try
    {
        DirectoryEntry user = new DirectoryEntry(userDn, admin, adminpass);
        user.DeleteTree();
        user.Close();
    }
    catch (System.DirectoryServices.DirectoryServicesCOMException ex)
    {
        //DoSomethingWith 
     }
}

c# LDAP create new active directory user

public static string CreateUserAccount(string ldapPath, string userName, string userPassword)
{
    string oGUID = string.Empty;
    try
    {
        //    for example an ldap path : 
        //    10.20.12.11:389/OU=PORTAL,DC=TESTDOMAIN,DC=entptst,DC=local
        string connectionPrefix = "LDAP://" + ldapPath;
        DirectoryEntry dirEntry = new DirectoryEntry(connectionPrefix, "TESTDOMAIN\\admin", "secret");
        DirectoryEntry newUser = dirEntry.Children.Add("CN=" + userName, "user");
        newUser.Properties["samAccountName"].Value = userName;
        newUser.CommitChanges();
        oGUID = newUser.Guid.ToString();

        //If you dont have an SSL connection you can not set password
        newUser.Invoke("SetPassword", new object[] { userPassword });
        newUser.Properties["LockOutTime"].Value = 0;

        //Enable user
        int val = (int)newUser.Properties["userAccountControl"].Value;
        newUser.Properties["userAccountControl"].Value = val & ~0x2;

        newUser.CommitChanges();


        dirEntry.Close();
        newUser.Close();
    }
    catch (System.DirectoryServices.DirectoryServicesCOMException E)
    {
        //DoSomethingwith --> E.Message.ToString();

    }
    return oGUID;
}